Vulnerability-Lookup

CVE-2021-25642 (GCVE-0-2021-25642)

Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-03 20:11

Title

Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler

Summary

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.

Severity ?

No CVSS data available.

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Hadoop	Affected: 2.9.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.3, and 3.3.0 to 3.3.3

GHSA-RR2M-GFFV-MGRJ

Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-09-08 14:13

Summary

Deserialization of Untrusted Data in Apache Hadoop YARN

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-yarn-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-yarn-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-yarn-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-30T20:55:27Z",
    "nvd_published_at": "2022-08-25T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",
  "id": "GHSA-rr2m-gffv-mgrj",
  "modified": "2022-09-08T14:13:04Z",
  "published": "2022-08-26T00:03:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25642"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/hadoop/commit/5e2f4339fadc88f20543915fc9b0aaeaf4f9e7bf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/hadoop"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221201-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deserialization of Untrusted Data in Apache Hadoop YARN"
}

GSD-2021-25642

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-25642

Aliases

CVE-2021-25642

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-25642",
    "description": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",
    "id": "GSD-2021-25642"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-25642"
      ],
      "details": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",
      "id": "GSD-2021-25642",
      "modified": "2023-12-13T01:23:21.731432Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2021-25642",
        "STATE": "PUBLIC",
        "TITLE": "Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Hadoop",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.9.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.3, and 3.3.0 to 3.3.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Apache Hadoop would like to thank Liu Ximing for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {}
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-502 Deserialization of Untrusted Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20221201-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20221201-0003/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.9.0,2.10.2),[3.0.0,3.2.4),[3.3.0,3.3.4)",
          "affected_versions": "All versions starting from 2.9.0 before 2.10.2, all versions starting from 3.0.0 before 3.2.4, all versions starting from 3.3.0 before 3.3.4",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2023-02-10",
          "description": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",
          "fixed_versions": [
            "2.10.2",
            "3.2.4",
            "3.3.4"
          ],
          "identifier": "CVE-2021-25642",
          "identifiers": [
            "CVE-2021-25642"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.hadoop/hadoop-yarn-server-nodemanager",
          "pubdate": "2022-08-25",
          "solution": "Upgrade to versions 2.10.2, 3.2.4, 3.3.4 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-25642",
            "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
          ],
          "uuid": "52c3f304-c493-405e-9273-583ae6810125"
        },
        {
          "affected_range": "(,2.10.2),[3.0.0,3.2.4),[3.3.0,3.3.4)",
          "affected_versions": "All versions before 2.10.2, all versions starting from 3.0.0 before 3.2.4, all versions starting from 3.3.0 before 3.3.4",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-08-30",
          "description": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",
          "fixed_versions": [
            "2.10.2",
            "3.2.4",
            "3.3.4"
          ],
          "identifier": "CVE-2021-25642",
          "identifiers": [
            "GHSA-rr2m-gffv-mgrj",
            "CVE-2021-25642"
          ],
          "not_impacted": "All versions starting from 2.10.2 before 3.0.0, all versions starting from 3.2.4 before 3.3.0, all versions starting from 3.3.4",
          "package_slug": "maven/org.apache.hadoop/hadoop-yarn-server",
          "pubdate": "2022-08-26",
          "solution": "Upgrade to versions 2.10.2, 3.2.4, 3.3.4 or above.",
          "title": "Deserialization of Untrusted Data in Apache Hadoop YARN",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-25642",
            "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150",
            "https://github.com/apache/hadoop/commit/5e2f4339fadc88f20543915fc9b0aaeaf4f9e7bf",
            "https://github.com/advisories/GHSA-rr2m-gffv-mgrj"
          ],
          "uuid": "f9384fe7-9680-40f6-907d-9062b1b69668"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.10.2",
                "versionStartIncluding": "2.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.4",
                "versionStartIncluding": "3.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.4",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-25642"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20221201-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20221201-0003/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-10T17:37Z",
      "publishedDate": "2022-08-25T14:15Z"
    }
  }
}

CNVD-2022-76237

Vulnerability from cnvd - Published: 2022-11-11

Title

Apache Hadoop代码问题漏洞

Description

Apache Hadoop是美国阿帕奇（Apache）基金会的一套开源的分布式系统基础架构。该产品能够对大量数据进行分布式处理，并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop YARN存在安全漏洞，该漏洞源于其CapacityScheduler可选地使用ZKConfigurationStore时，它将从ZooKeeper获取的数据反序列化而无需验证。能够访问ZooKeeper的攻击者可以利用该漏洞以YARN用户的身份运行任意命令。

Severity

高

Patch Name

Apache Hadoop代码问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-25642

Impacted products

Name
['Apache Hadoop >=2.9.0，<2.10.2', 'Apache Hadoop >=3.0.0，<3.2.4', 'Apache Hadoop >=3.3.0，<3.3.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-25642",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25642"
    }
  },
  "description": "Apache Hadoop\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u5bf9\u5927\u91cf\u6570\u636e\u8fdb\u884c\u5206\u5e03\u5f0f\u5904\u7406\uff0c\u5e76\u5177\u6709\u9ad8\u53ef\u9760\u6027\u3001\u9ad8\u6269\u5c55\u6027\u3001\u9ad8\u5bb9\u9519\u6027\u7b49\u7279\u70b9\u3002\n\nApache Hadoop YARN\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5176CapacityScheduler\u53ef\u9009\u5730\u4f7f\u7528ZKConfigurationStore\u65f6\uff0c\u5b83\u5c06\u4eceZooKeeper\u83b7\u53d6\u7684\u6570\u636e\u53cd\u5e8f\u5217\u5316\u800c\u65e0\u9700\u9a8c\u8bc1\u3002\u80fd\u591f\u8bbf\u95eeZooKeeper\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5YARN\u7528\u6237\u7684\u8eab\u4efd\u8fd0\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-76237",
  "openTime": "2022-11-11",
  "patchDescription": "Apache Hadoop\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u5bf9\u5927\u91cf\u6570\u636e\u8fdb\u884c\u5206\u5e03\u5f0f\u5904\u7406\uff0c\u5e76\u5177\u6709\u9ad8\u53ef\u9760\u6027\u3001\u9ad8\u6269\u5c55\u6027\u3001\u9ad8\u5bb9\u9519\u6027\u7b49\u7279\u70b9\u3002\r\n\r\nApache Hadoop YARN\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5176CapacityScheduler\u53ef\u9009\u5730\u4f7f\u7528ZKConfigurationStore\u65f6\uff0c\u5b83\u5c06\u4eceZooKeeper\u83b7\u53d6\u7684\u6570\u636e\u53cd\u5e8f\u5217\u5316\u800c\u65e0\u9700\u9a8c\u8bc1\u3002\u80fd\u591f\u8bbf\u95eeZooKeeper\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5YARN\u7528\u6237\u7684\u8eab\u4efd\u8fd0\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hadoop\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Hadoop \u003e=2.9.0\uff0c\u003c2.10.2",
      "Apache Hadoop \u003e=3.0.0\uff0c\u003c3.2.4",
      "Apache Hadoop \u003e=3.3.0\uff0c\u003c3.3.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-25642",
  "serverity": "\u9ad8",
  "submitTime": "2022-08-30",
  "title": "Apache Hadoop\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2021-25642

Vulnerability from fkie_nvd - Published: 2022-08-25 14:15 - Updated: 2024-11-21 05:55

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150	Mailing List, Vendor Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20221201-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221201-0003/	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	hadoop	*
apache	hadoop	*
apache	hadoop	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A6A3293-6E60-4350-8917-DA91C6AE2A72",
              "versionEndExcluding": "2.10.2",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8C1FE0-05B1-49CC-9D4A-DA0FC5E57746",
              "versionEndExcluding": "3.2.4",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C26B2A-31E2-4766-BA87-B6AE083EF8AE",
              "versionEndExcluding": "3.3.4",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used."
    },
    {
      "lang": "es",
      "value": "ZKConfigurationStore que es usado opcionalmente por CapacityScheduler de Apache Hadoop YARN de serializa los datos obtenidos de ZooKeeper sin comprobaci\u00f3n. Un atacante que tenga acceso a ZooKeeper puede ejecutar comandos arbitrarios como usuario de YARN al aprovechar esto. Los usuarios deben actualizar a Apache Hadoop versiones 2.10.2, 3.2.4, 3.3.4 o posteriores (que contengan YARN-11126) si es usado ZKConfigurationStore."
    }
  ],
  "id": "CVE-2021-25642",
  "lastModified": "2024-11-21T05:55:11.800",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-25T14:15:09.067",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221201-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221201-0003/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0512

Vulnerability from certfr_avis - Published: 2025-06-13 - Updated: 2025-06-13

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.16
IBM	Db2	Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4
IBM	Db2 Warehouse	Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7236500	2025-06-12	vendor-advisory
Bulletin de sécurité IBM 7234674	2025-06-11	vendor-advisory
Bulletin de sécurité IBM 7236354	2025-06-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
      "product": {
        "name": "Db2 Warehouse",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
    },
    {
      "name": "CVE-2018-19361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
    },
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2021-33036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2025-47944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2025-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
    },
    {
      "name": "CVE-2025-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2024-47076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
    },
    {
      "name": "CVE-2024-47177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-26612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2024-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2025-0923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2018-19360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-31880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2024-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2023-50298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-53197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
    },
    {
      "name": "CVE-2025-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-37529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2021-25642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2020-9492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
    },
    {
      "name": "CVE-2025-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2024-12905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2024-52046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
    },
    {
      "name": "CVE-2021-37404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
    },
    {
      "name": "CVE-2025-47935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-57965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
    },
    {
      "name": "CVE-2023-29267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
    },
    {
      "name": "CVE-2024-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2018-14720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
    },
    {
      "name": "CVE-2024-47176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2023-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2018-14721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2024-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
    },
    {
      "name": "CVE-2024-35152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2025-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2024-47175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2023-39663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
    },
    {
      "name": "CVE-2024-35136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
    },
    {
      "name": "CVE-2022-25168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    }
  ],
  "initial_release_date": "2025-06-13T00:00:00",
  "last_revision_date": "2025-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0512",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
      "url": "https://www.ibm.com/support/pages/node/7236500"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
      "url": "https://www.ibm.com/support/pages/node/7234674"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
      "url": "https://www.ibm.com/support/pages/node/7236354"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-25642 (GCVE-0-2021-25642)

GHSA-RR2M-GFFV-MGRJ

GSD-2021-25642

CNVD-2022-76237

FKIE_CVE-2021-25642

CERTFR-2025-AVI-0512

Solutions

Tags

Sightings

Nomenclature